Fundamental Practices for Secure Software Development - 2ND EDITION
A Guide to the Most Effective Secure Development Practices in Use Today
February 8, 2011 - SAFECode
SAFECode publico el pasado 8 de febrero/2011 la segunda edición del documento titulado "Fundamental Practices for Secure Software Development - A Guide to the Most Effective Secure Development Practices in Use Today", documento muy útil a la hora del desarrollo seguro de software.
The report is intended to help others in the industry initiate or improve their own software security programs and encourage the industry-wide adoption of fundamental secure development methods.
The report is intended to help others in the industry initiate or improve their own software security programs and encourage the industry-wide adoption of fundamental secure development methods.
Temario:
Introduction
Secure Design Principles- Threat Modeling
- Use Least Privilege
- Implement Sandboxing
Secure Coding Practices
- Minimize Use of Unsafe String and Buffer Functions
- Validate Input and Output to Mitigate Common Vulnerabilities
- Use Robust Integer Operations for Dynamic Memory Allocations and Array Offsets
- Use Anti-Cross Site Scripting (XSS) Libraries
- Use Canonical Data Formats
- Avoid String Concatenation for Dynamic SQL Statements
- Eliminate Weak Cryptography
- Use Logging and Tracing
Testing Recommendations
- Determine Attack Surface
- Use Appropriate Testing Tools
- Perform Fuzz / Robustness Testing
- Perform Penetration Testing
Technology Recommendations
- Use a Current Compiler Toolset
- Use Static Analysis Tools
No hay comentarios:
Publicar un comentario